Note:">
MAY">
MUST">
MUST NOT">
OPTIONAL">
RECOMMENDED">
REQUIRED">
SHALL">
SHALL NOT">
SHOULD">
SHOULD NOT">
]>
The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect)greenbytes GmbHHafenweg 16MuensterNW48155Germanyjulian.reschke@greenbytes.dehttp://greenbytes.de/tech/webdav/Applications
HTTPHTTPredirectstatus code
This document specifies the additional Hypertext Transfer Protocol (HTTP)
status code 308 (Permanent Redirect).
HTTP defines a set of status codes for the purpose of redirecting a request
to a different URI (). The history of these status codes is summarized in
, which
also classifies the existing status codes into four categories.
The first of these categories contains the status codes 301 (Moved Permanently),
302 (Found), and 307 (Temporary Redirect), which can be classified as below:
PermanentTemporaryAllows changing the request method from POST to GET301302Does not allow changing the request method from POST to GET-307
states that it does not define a permanent variant of status code 307;
this specification adds
the status code 308, defining this missing variant ().
This specification contains no technical changes from the Experimental RFC 7238,
which it obsoletes.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .
The 308 (Permanent Redirect) status code indicates that the
target resource has been assigned a new permanent URI and
any future references to this resource ought to use one of the enclosed
URIs. Clients with link editing capabilities ought to automatically re-link
references to the effective request URI ()
to one or more of the new references sent by the server, where possible.
The server &SHOULD; generate a Location header field () in the
response containing a preferred URI reference for the new permanent URI.
The user agent &MAY; use the Location field value for automatic redirection.
The server's response payload usually contains a short hypertext note with
a hyperlink to the new URI(s).
A 308 response is cacheable by default; i.e., unless otherwise indicated by
the method definition or explicit cache controls (see ).
&Note; This status code is similar to 301 (Moved Permanently) (), except
that it does not allow changing the request method from POST to GET.
requires recipients to treat unknown 3xx status codes the same way as
status code 300 (Multiple Choices) ().
Thus, servers will not be able to rely on automatic redirection happening
similar to status codes 301, 302, or 307.
Therefore, the use of status code 308 is restricted to cases where
the server has sufficient confidence in the client's understanding the new
code or when a fallback to the semantics of status code 300 is not problematic.
Server implementers are advised not to vary the status code based on
characteristics of the request, such as the User-Agent header field
("User-Agent Sniffing") — doing so usually results in code that is both
hard to maintain and hard to debug and would also require special attention to caching
(i.e., setting a "Vary" response header field, as defined in
).
Note that many existing HTML-based user agents will emulate a refresh when encountering
an HTML <meta> refresh directive (). This can be used as another
fallback. For example:
Client request:
GET / HTTP/1.1
Host: example.com
Server response:
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html; charset=UTF-8
Location: http://example.com/new
Content-Length: <!DOCTYPE HTML>
<html>
<head>
<title>Permanent Redirect</title>
<meta http-equiv="refresh"
content="0; url=http://example.com/new">
</head>
<body>
<p>
The document has been moved to
<a href="http://example.com/new"
>http://example.com/new</a>.
</p>
</body>
</html>
All security considerations that apply to HTTP redirects apply to the
308 status code as well (see ).
Unsecured communication over the Internet is subject to man-in-the-middle
modification of messages, including changing status codes or
redirect targets. Use of Transport Layer Security (TLS) is one way to mitigate those attacks.
See for related
attacks on authority and message integrity.
The "Hypertext Transfer Protocol (HTTP) Status Code Registry"
(defined in
and located at )
has been updated to reference this specification.
ValueDescriptionReference308Permanent Redirect of this specification
Key words for use in RFCs to Indicate Requirement LevelsHarvard Universitysob@harvard.eduUniform Resource Identifier (URI): Generic SyntaxWorld Wide Web Consortiumtimbl@w3.orghttp://www.w3.org/People/Berners-Lee/Day Softwarefielding@gbiv.comhttp://roy.gbiv.com/Adobe Systems IncorporatedLMM@acm.orghttp://larry.masinter.net/Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and RoutingAdobe Systems Incorporatedfielding@gbiv.comgreenbytes GmbHjulian.reschke@greenbytes.deHypertext Transfer Protocol (HTTP/1.1): Semantics and ContentAdobe Systems Incorporatedfielding@gbiv.comgreenbytes GmbHjulian.reschke@greenbytes.deHypertext Transfer Protocol (HTTP/1.1): CachingAdobe Systems Incorporatedfielding@gbiv.comRackspacemnot@mnot.netgreenbytes GmbHjulian.reschke@greenbytes.deHTML5
Latest version available at
.
The definition for the new status code 308 reuses text from
the HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Adrian Farrell, Eran Hammer-Lahav,
Bjoern Hoehrmann, Barry Leiba,
Subramanian Moonesamy, Kathleen Moriarty, Peter Saint-Andre,
Robert Sparks, and Roy Fielding for feedback on this document.